Amendment to the Claims



Please amend the Claims 1, 5, 6, 10, 14, 15, 19, 23, and 24 as follows:



1. (currently amended) A process for a simplified access control language that controls
access to directory entries in a computer environment, comprising the steps of:

[[providing a user defined access control command attribute read list containing user
identifications that are allowed to read a specified set of Lightweight Directory Access
Protocol (LDAP) attributes;]]

providing a system administrator defined read access control command for a user;
[[wherein said read access control command resides in a directory containing said
LDAP attributes;]]

said system administrator defined read access control command listing a set of
Lightweight Directory Access Protocol user attributes selected and controlled by said
administrator;

said user selecting a subset from said system administrator defined LDAP user
attributes [[that said administrator has selected for]] for allowing user defined read access to
other users;

providing a user defined access control command attribute read list containing user
identifications that are allowed to read said user defined subset of said system administrator
defined LDAP user attributes; and

said read access control command referring to said user defined read list at runtime
thereby allowing said read user identifications read access to said system administrator
defined LDAP user attributes;

wherein said read access control command resides in a directory containing said
LDAP attributes.

2. (original) The process of Claim 1, wherein upon a client read access, the directory server
selects a specific read access control command according to the attribute being accessed
and refers to the read list of the owner of the attribute being accessed to determine if said
client has permission to execute said read access.

3. (original) The process of Claim 1, further comprising the steps of:

providing a user defined write list containing user identifications that are allowed to
write a specified set of attributes;

providing a system administrator defined write access control command;

said write access control command listing the user attributes that said administrator
has selected for user defined write access; and

said write access control command referring to said user defined write list thereby
allowing said write user identifications write access to said user attributes.

4. (original) The process of Claim 3, wherein upon a client write access, the directory server
selects a specific write access control command according to the attribute being accessed 
and refers to the write list of the owner of the attribute being accessed to determine if said 
client has permission to execute said write access. 

5. (currently amended) A process for a simplified access control language that controls
access to directory entries in a computer environment, comprising the steps of:

providing for a user a system administrator defined read access control command
that lists Lightweight Directory Access Protocol (LDAP) user attributes that said administrator
has selected for user defined read access, said user selecting a subset of user defined
LDAP user attributes from said list for read access to other users;

providing for a user a system administrator defined write access control command
that lists LDAP user attributes that said administrator has selected for user defined write
access, said user selecting a subset of user defined LDAP user attributes from said list for
write access to other users;

providing a plurality of user defined access control command attribute read lists
containing user identifications that are allowed to read said user defined subset from said
LDAP user attributes that said administrator has selected for user defined read access; and

providing a plurality of user defined access control command attribute write lists
containing user identifications that are allowed to write said user defined subset from said
LDAP user attributes that said administrator has selected for user defined write access;

wherein said read access control command and said write access control command
reside in a directory containing said LDAP user attributes;

wherein when a client read access to one of the LDAP user attributes that said
administrator has selected for user defined read access occurs, said read access control
command and the read list of the owner of the attribute being accessed are used to
determine if said client has permission to execute said read access; and

wherein when a client write access to one of the LDAP user attributes that said
administrator has selected for user defined write access occurs, said write access control
command and the write list of the owner of the attribute being accessed are used to
determine if said client has permission to execute said write access.

6. (currently amended) A process for a simplified access control language that controls
access to directory entries in a computer environment, comprising the steps of:

[[providing a user defined access control command attribute write list containing user
identifications that are allowed to write a specified set of Lightweight Directory Access
Protocol (LDAP) attributes;]]

providing a system administrator defined write access control command for a user;
[[wherein said write access control command resides in a directory containing said
LDAP attributes;]]

said system administrator defined write access control command listing a set of
Lightweight Directory Access Protocol user attributes selected and controlled by said
administrator;

said user selecting a subset from said system administrator defined LDAP user
attributes [[that said administrator has selected for]] for allowing user defined write access to
other users;

providing a user defined access control command attribute write list containing user
identifications that are allowed to write said user defined subset of said system administrator
defined LDAP user attributes; and

said write access control command referring to said user defined write list at runtime
thereby allowing said write user identifications write access to said system administrator
defined LDAP user attributes;

wherein said write access control command resides in a directory containing said
LDAP attributes.

7. (original) The process of Claim 6, wherein upon a client write access, the directory server
selects a specific write access control command according to the attribute being accessed
and refers to the write list of the owner of the attribute being accessed to determine if said
client has permission to execute said write access.

8. (original) The process of Claim 6, further comprising the steps of:

providing a user defined read list containing user identifications that are allowed to
read a specified set of attributes; and

providing a system administrator defined read access control command;

wherein said read access control command lists the user attributes that said
administrator has selected for user defined read access; and

wherein said read access control command refers to said user defined read list thereby
allowing said read user identifications read access to said user attributes.

9. (original) The process of Claim 8, wherein upon a client read access, the directory server
selects a specific read access control command according to the attribute being accessed
and refers to the read list of the owner of the attribute being accessed to determine if said
client has permission to execute said read access.

10. (currently amended) An apparatus for a simplified access control language that controls
access to directory entries in a computer environment, comprising:

[[a user defined access control command attribute read list containing user
identifications that are allowed to read a specified set of Lightweight Directory Access
Protocol (LDAP) attributes; and]]

a system administrator defined read access control command for a user;
[[wherein said read access control command resides in a directory containing said
LDAP attributes;]]

[[wherein said read access control command lists LDAP user attributes that said
administrator has selected for user defined read access; and]]

[[wherein said read access control command refers to said user defined read list at
runtime thereby allowing said read user identifications read access to said LDAP user
attributes.]]

means for said system administrator defined read access control command listing a
set of Lightweight Directory Access Protocol (LDAP) user attributes selected and controlled
by said administrator;

means for said user selecting a subset from said system administrator defined
LDAP user attributes for allowing user defined read access to other users;

a user defined access control command attribute read list containing user
identifications that are allowed to read said user defined subset of system administrator
defined LDAP user attributes; and

means for said read access control command referring to said user defined read list at
runtime thereby allowing said read user identifications read access to said system
administrator defined LDAP user attributes;
wherein said read access control command resides in a directory containing said
LDAP user attributes.

11. (original) The apparatus of Claim 10, wherein upon a client read access, the directory
server selects a specific read access control command according to the attribute being
accessed and refers to the read list of the owner of the attribute being accessed to
determine if said client has permission to execute said read access.

12. (original) The apparatus of Claim 10, further comprising:

a user defined write list containing user identifications that are allowed to write a
specified set of attributes; and

a system administrator defined write access control command;

wherein said write access control command lists the user attributes that said
administrator has selected for user defined write access; and

wherein said write access control command refers to said user defined write list
thereby allowing said write user identifications write access to said user attributes.

13. (original) The apparatus of Claim 12, wherein upon a client write access, the directory
server selects a specific write access control command according to the attribute being
accessed and refers to the write list of the owner of the attribute being accessed to
determine if said client has permission to execute said write access.

14. (currently amended) An apparatus for a simplified access control language that controls
access to directory entries in a computer environment, comprising:

a system administrator defined read access control command for a user that lists
Lightweight Directory Access Protocol (LDAP) user attributes that said administrator has
selected for user defined read access, said user selecting a subset of user defined LDAP
user attributes from said list for read access to other users;

a system administrator defined write access control command for a user that lists
LDAP user attributes that said administrator has selected for user defined write access, said
user selecting a subset of user defined LDAP user attributes from said list for write access
to other users;

a plurality of user defined access control command attribute read lists containing user
identifications that are allowed to read said user defined subset from said LDAP user
attributes that said administrator has selected for user defined read access; and

a plurality of user defined access control command attribute write lists containing user
identifications that are allowed to write said user defined subset from said LDAP user
attributes that said administrator has selected for user defined write access;

wherein said read access control command and said write access control command
reside in a directory containing said LDAP attributes;

wherein when a client read access to one of the LDAP user attributes that said
administrator has selected for user defined read access occurs, said read access control
command and the read list of the owner of the attribute being accessed are used to
determine if said client has permission to execute said read access; and

wherein when a client write access to one of the LDAP user attributes that said
administrator has selected for user defined write access occurs, said write access control
command and the write list of the owner of the attribute being accessed are used to
determine if said client has permission to execute said write access.

15. (currently amended) An apparatus for a simplified access control language that controls
access to directory entries in a computer environment, comprising:

[[a user defined access control command attribute write list containing user
identifications that are allowed to write a specified set of Lightweight Directory Access
Protocol (LDAP) attributes; and]]

a system administrator defined write access control command for a user;
[[wherein said write access control command resides in a directory containing said
LDAP attributes;]]

[[wherein said write access control command lists LDAP user attributes that said
administrator has selected for user defined write access; and]]

[[wherein said write access control command refers to said user defined write list at
runtime thereby allowing said write user identifications write access to said LDAP user
attributes.]]

means for said system administrator defined write access control command listing a
set of Lightweight Directory Access Protocol (LDAP) user attributes selected and controlled
by said administrator;

means for said user selecting a subset from said system administrator defined
LDAP user attributes for allowing user defined write access to other users;

a user defined access control command attribute write list containing user
identifications that are allowed to write said user defined subset of system administrator
defined LDAP user attributes; and

means for said write access control command referring to said user defined write list
at runtime thereby allowing said write user identifications write access to said system
administrator defined LDAP user attributes;

wherein said write access control command resides in a directory
containing said LDAP user attributes.

16. (original) The apparatus of Claim 15, wherein upon a client write access, the directory
server selects a specific write access control command according to the attribute being
accessed and refers to the write list of the owner of the attribute being accessed to
determine if said client has permission to execute said write access.

17. (original) The apparatus of Claim 15, further comprising:

a user defined read list containing user identifications that are allowed to read a
specified set of attributes;

a system administrator defined read access control command;

wherein said read access control command lists the user attributes that said
administrator has selected for user defined read access; and

wherein said read access control command refers to said user defined read list thereby
allowing said read user identifications read access to said user attributes.

18. (original) The apparatus of Claim 17, wherein upon a client read access, the directory
server selects a specific read access control command according to the attribute being
accessed and refers to the read list of the owner of the attribute being accessed to
determine if said client has permission to execute said read access.

19. (currently amended) A program storage medium readable by a computer, tangibly
embodying a program of instructions executable by the computer to perform method
steps for a simplified access control language that controls access to directory entries in a
computer environment, comprising the steps of:

[[providing a user defined access control command attribute read list containing user
identifications that are allowed to read a specified set of Lightweight Directory Access
Protocol (LDAP) attributes;]]

providing a system administrator defined read access control command for a user;
[[wherein said read access control command resides in a directory containing said
LDAP attributes;]]

said system administrator defined read access control command listing a set of
Lightweight Directory Access Protocol user attributes selected and controlled by said
administrator;

said user selecting a subset from said system administrator defined LDAP user
attributes [[that said administrator has selected for]] for allowing user defined read access to
other users;

providing a user defined access control command attribute read list containing user
identifications that are allowed to read said user defined subset of said system administrator
defined LDAP user attributes; and

said read access control command referring to said user defined read list at runtime
thereby allowing said read user identifications read access to said system administrator
defined LDAP user attributes;

wherein said read access control command resides in a directory containing said
LDAP attributes.

20. (original) The method of Claim 19, wherein upon a client read access, the directory
server selects a specific read access control command according to the attribute being
accessed and refers to the read list of the owner of the attribute being accessed to
determine if said client has permission to execute said read access.

21. (original) The method of Claim 19, further comprising the steps of:

providing a user defined write list containing user identifications that are allowed to
write a specified set of attributes;

providing a system administrator defined write access control command;

said write access control command listing the user attributes that said administrator
has selected for user defined write access; and

said write access control command referring to said user defined write list thereby
allowing said write user identifications write access to said user attributes.

22. (original) The method of Claim 21, wherein upon a client write access, the directory
server selects a specific write access control command according to the attribute being
accessed and refers to the write list of the owner of the attribute being accessed to
determine if said client has permission to execute said write access.

23. (currently amended) A program storage medium readable by a computer, tangibly
embodying a program of instructions executable by the computer to perform method
steps for a simplified access control language that controls access to directory entries in a
computer environment, comprising the steps of:

providing for a user a system administrator defined read access control command
that lists Lightweight Directory Access Protocol (LDAP) user attributes that said administrator
has selected for user defined read access, said user selecting a subset of user defined
LDAP user attributes from said list for read access to other users;

providing for a user a system administrator defined write access control command
that lists LDAP user attributes that said administrator has selected for user defined write
access, said user selecting a subset of user defined LDAP user attributes from said list for
write access to other users;

providing a plurality of user defined access control command attribute read lists
containing user identifications that are allowed to read said user defined subset from said
LDAP user attributes that said administrator has selected for user defined read access;

providing a plurality of user defined access control command attribute write lists
containing user identifications that are allowed to write said user defined subset from said
LDAP user attributes that said administrator has selected for user defined write access;

wherein said read access control command and said write access control command
reside in a directory containing said LDAP attributes;

wherein when a client read access to one of the LDAP user attributes that said
administrator has selected for user defined read access occurs, said read access
control command and the read list of the owner of the attribute being accessed are
used to determine if said client has permission to execute said read access; and

wherein when a client write access to one of the LDAP user attributes that said
administrator has selected for user defined write access occurs, said write access control
command and the write list of the owner of the attribute being accessed are used to
determine if said client has permission to execute said write access.

24. (currently amended) A program storage medium readable by a computer, tangibly
embodying a program of instructions executable by the computer to perform method
steps for a simplified access control language that controls access to directory entries in a
computer environment, comprising the steps of:

[[providing a user defined access control command attribute write list containing user
identifications that are allowed to write a specified set of Lightweight Directory Access
Protocol (LDAP) attributes;]]

providing a system administrator defined write access control command for a user;
[[wherein said write access control command resides in a directory containing said
LDAP attributes;]]

said system administrator defined write access control command listing a set of
Lightweight Directory Access Protocol user attributes selected and controlled by said
administrator;

said user selecting a subset from said system administrator defined LDAP user
attributes [[that said administrator has selected for]] for allowing user defined write access to
other users;

providing a user defined access control command attribute write list containing user
identifications that are allowed to write said user defined subset of said system administrator
defined LDAP user attributes; and

said write access control command referring to said user defined write list at runtime
thereby allowing said write user identifications write access to said system administrator
defined LDAP user attributes;

wherein said write access control command resides in a directory containing said
LDAP attributes.